SYSTEM AND METHOD FOR DETECTING ANALYSIS-EVADING MALICIOUS CODE
Abstract
Disclosed is a malicious code detection system capable of accurately detecting malicious code in a Windows environment. According to the present invention, the malicious code detection system comprises: a virtualization analysis server that executes a first suspicious executable file through a virtualization agent and extracts first API call information (the API calls made by the malicious code at user level) and first kernel action information (its behaviour at kernel level); a malicious code management server that detects a first malicious code by applying the first API call information and the first kernel action information to a predetermined malicious code ruleset; and a real-time analysis server that, for a second suspicious executable file in which no first malicious code was detected, executes the file on a real machine and extracts second API call information called by the malicious code at user level and second kernel action information at kernel level. Because the executable is subjected to both virtualization analysis and real-machine analysis, the system detects not only ordinary malicious code but also analysis-evading malicious code that stays dormant inside a virtual machine, and so detects malicious code more accurately than existing systems.
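The two-stage flow described in the abstract, as an added illustration that is not code from the patent or from KISA: behaviour observed in the virtualization stage is matched against a ruleset, and only samples that produce no rule hit there are escalated to the real-machine stage. The rule names, API names, the kernel-action strings and the two sample reports are all constructed for the example; the matching logic is a plain subset test, not the patent's actual ruleset format.

```python
"""Two-stage (virtualization, then real-machine) behaviour matching.

Constructed example: the ruleset, sample reports and stage names are
assumptions made for illustration, not the patent's own data.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Sequence, Tuple


@dataclass(frozen=True)
class BehaviourReport:
    """What one analysis agent observed while running a sample."""
    api_calls: FrozenSet[str]       # user-level API call information
    kernel_actions: FrozenSet[str]  # kernel-level action information


@dataclass(frozen=True)
class Rule:
    """A rule fires when every required API call and kernel action was seen."""
    name: str
    api_calls: FrozenSet[str] = frozenset()
    kernel_actions: FrozenSet[str] = frozenset()

    def matches(self, report: BehaviourReport) -> bool:
        return (self.api_calls <= report.api_calls
                and self.kernel_actions <= report.kernel_actions)


# Hypothetical ruleset (constructed); real rules would be far richer.
RULESET: Sequence[Rule] = (
    Rule("process-injection",
         api_calls=frozenset({"VirtualAllocEx", "WriteProcessMemory",
                              "CreateRemoteThread"})),
    Rule("run-key-persistence",
         api_calls=frozenset({"RegSetValueExW"}),
         kernel_actions=frozenset({"registry:write:HKCU\\Software\\Microsoft"
                                   "\\Windows\\CurrentVersion\\Run"})),
)


def apply_ruleset(report: BehaviourReport,
                  ruleset: Sequence[Rule] = RULESET) -> List[str]:
    """Return the names of all rules the report satisfies (the management
    server's job in the abstract)."""
    return [rule.name for rule in ruleset if rule.matches(report)]


def detect_two_stage(virtual_report: BehaviourReport,
                     run_real_machine: Callable[[], BehaviourReport],
                     ruleset: Sequence[Rule] = RULESET) -> Tuple[str, List[str]]:
    """Stage 1 uses the virtualization report; stage 2 (real machine) runs
    only when stage 1 produced no rule hit. Returns (stage, rule_hits)."""
    hits = apply_ruleset(virtual_report, ruleset)
    if hits:
        return "virtualization", hits
    hits = apply_ruleset(run_real_machine(), ruleset)
    if hits:
        return "real-machine", hits
    return "clean", []


# Constructed sample 1: overt malware, caught already in the sandbox.
OVERT_VM = BehaviourReport(
    api_calls=frozenset({"VirtualAllocEx", "WriteProcessMemory",
                         "CreateRemoteThread", "CloseHandle"}),
    kernel_actions=frozenset({"process:create:notepad.exe"}))

# Constructed sample 2: evasive malware that only probes the environment
# inside the VM, but shows its real behaviour on a physical machine.
EVASIVE_VM = BehaviourReport(
    api_calls=frozenset({"GetSystemInfo", "GetTickCount", "ExitProcess"}),
    kernel_actions=frozenset())
EVASIVE_REAL = BehaviourReport(
    api_calls=frozenset({"RegSetValueExW", "CreateFileW"}),
    kernel_actions=frozenset({"registry:write:HKCU\\Software\\Microsoft"
                              "\\Windows\\CurrentVersion\\Run",
                              "file:write:C:\\Users\\x\\AppData\\u.exe"}))

# Constructed sample 3: benign on both stages.
BENIGN = BehaviourReport(api_calls=frozenset({"GetTickCount"}),
                         kernel_actions=frozenset())


def demo() -> List[Tuple[str, List[str]]]:
    """Run the three constructed samples through both stages."""
    return [
        detect_two_stage(OVERT_VM, lambda: OVERT_VM),
        detect_two_stage(EVASIVE_VM, lambda: EVASIVE_REAL),
        detect_two_stage(BENIGN, lambda: BENIGN),
    ]


if __name__ == "__main__":
    for stage, hits in demo():
        print(stage, hits)
```

The point of the second stage is visible in the evasive sample: its virtualization report contains only environment probes, so the ruleset yields nothing there, and the verdict comes from the real-machine report instead. Running the real machine only for samples the first stage clears keeps the expensive stage to a minimum.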
Publication number
KR101602881(B1)
Publication date
2016.03.21
Application number
KR20150008745
Filing date
2015.01.19
Applicant
KOREA INTERNET & SECURITY AGENCY
Inventors
CHOI, BO MIN;KANG, HONG KOO;KIM, BYUNG IK;HWANG, TONG WOOK;LEE, TAI JIN;SHIN, YOUNG SANG;KIM, NAK HYUN